CN110806972A - Control flow error detection method based on basic block repartitioning - Google Patents

Control flow error detection method based on basic block repartitioning

Info

Publication number
CN110806972A
Authority
CN
China
Legal status
Pending
Application number
CN201910959641.2A
Other languages
Chinese (zh)
Inventor
庄毅
张倩雯
晏祖佳
Current Assignee
Nanjing University of Aeronautics and Astronautics
Original Assignee
Nanjing University of Aeronautics and Astronautics
Priority date
2019-10-10
Filing date
2019-10-10
Publication date
2020-02-18

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 11/00 Error detection; Error correction; Monitoring
    • G06F 11/36 Preventing errors by testing or debugging software
    • G06F 11/362 Software debugging
    • G06F 11/3636 Software debugging by tracing the execution of the program
    • G06F 11/3644 Software debugging by instrumenting at runtime

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a control flow error detection method based on basic block repartitioning. The method classifies the basic blocks of a target program; repartitions the basic blocks; generates the initial label values for the program; instruments the program with label update code; instruments it with label check code; instruments it with intra-basic-block control flow error detection code; instruments it with inter-procedural control flow error detection code; and carries out fault injection experiments on the program after the error detection code has been inserted. The method has a high detection rate for control flow errors with low performance overhead, and can be applied to detecting program control flow errors caused by transient faults in the harsh space environment.

Description

Control flow error detection method based on basic block repartitioning
Technical Field
The invention belongs to the field of software hardening and trusted software, and in particular relates to a control flow error detection method based on basic block repartitioning, mainly applied to transient fault detection and software hardening.
Background
With the development of integrated circuit technology, chip feature sizes keep shrinking; computer performance has improved greatly, but chips have also become more susceptible to space radiation. In the space environment, single event effects caused by high-energy particle irradiation, electromagnetic pulse interference and other factors are one of the main causes of computer system failure. The Single Event Upset (SEU) is the most prominent manifestation of single event effects. A hardware fault caused by a single event upset is called a soft error and is a transient fault. A soft error affects system reliability because it can propagate into the program and cause an abnormal program state or a functional failure. Many single event upsets have been recorded on on-board computers, causing severe damage to computer functions. Studies have shown that 33% to 77% of transient faults lead to control flow errors, and the rest to data flow errors. A highly reliable system must therefore be able to detect control flow errors.
Control flow error detection has developed along two lines, hardware-based and software-based detection. Software-based control flow error detection techniques attract attention because of their portability and generality. Most of them are based on label (signature) analysis: the program is divided into basic blocks, labels are assigned to the basic blocks according to the control relationships between them, and label update and label check instructions are inserted to detect control flow errors. Current software-implemented control flow error detection methods still have two problems: (1) Detection blind spots. Existing methods achieve fairly high detection rates, but each has blind spots to some degree. For example, the CFCAF (Control Flow Checking based on Abstract basic block and formatted designation) method proposed by Li et al. of the National University of Defense Technology can miss some control flow errors occurring within and between basic blocks, and the RCFC (Regulated Control Flow Checking) method proposed by Zhu et al. of the University of Texas at Dallas analyzes only one type of control flow transfer rule in the control flow graph and may fail to detect other illegal jumps. (2) The trade-off between performance and reliability. Error detection techniques with a high ratio of detection capability to cost have long been a major research goal in the field of reliability; some detection techniques reduce the number of instrumented instructions but enlarge the detection blind spots at the same time.
In summary, existing label-analysis-based control flow error detection methods must balance detection rate, detection latency and performance overhead. How to detect control flow errors caused by transient faults efficiently and accurately is therefore a problem that needs thorough study.
Disclosure of Invention
The invention aims to provide a control flow error detection method based on basic block repartitioning.
The technical solution that achieves this aim is a control flow error detection method based on basic block repartitioning, comprising the following steps:
step 1, analyze the control flow graph of the target program and classify the basic blocks in the program;
step 2, repartition the basic blocks of the target program according to the classification information obtained in step 1;
step 3, for the target program repartitioned in step 2, generate the static label value of each basic block and the initial values of the node type label and the predecessor-successor label;
step 4, instrument the target program obtained in step 2 with the update code of the node type label and the predecessor-successor label;
step 5, instrument the target program obtained in step 4 with the check code of the node type label and the predecessor-successor label;
step 6, instrument the target program obtained in step 5 with intra-basic-block control flow error detection code;
step 7, instrument the target program obtained in step 6 with inter-procedural control flow error detection code;
step 8, carry out fault injection experiments on the instrumented target program obtained in step 7 and evaluate its ability to detect control flow errors caused by transient faults.
Compared with the prior art, the invention has the following notable advantages: 1) it uses a dual-label detection mechanism that combines a node type label with a predecessor-successor label, which tracks jumps in the program control flow graph more completely and so lowers the miss rate of control flow error detection; 2) the dual-label mechanism needs fewer instrumented instructions, reducing time overhead while maintaining the detection rate.
Drawings
Fig. 1 is a flowchart of a control flow error detection method based on basic block repartitioning according to the present invention.
Fig. 2 compares the performance overhead of several control flow error detection methods.
Fig. 3 compares program failure rates.
Detailed Description
The invention is further illustrated by the following examples in conjunction with the accompanying drawings.
As shown in Fig. 1, the control flow error detection method based on basic block repartitioning of the present invention comprises the following steps:
Step 1, analyze the control flow graph of the target program and classify the basic blocks in the program.
The basic block classification rule is as follows:
For any bb_i, if card(Pred(bb_i)) = 1 and card(Succ(bb_i)) = 1, then bb_i ∈ SISO. SISO is the set of single-entry single-exit nodes; a basic block node in this set has exactly one predecessor node and one successor node. For any bb_i, if card(Pred(bb_i)) > 1 and card(Succ(bb_i)) = 1, then bb_i ∈ MISO. MISO is the set of multiple-entry single-exit nodes; a basic block node in this set has several predecessor nodes and one successor node. For any bb_i, if card(Pred(bb_i)) ≥ 1 and card(Succ(bb_i)) ≥ 2, then bb_i ∈ MO. MO is the set of multiple-exit nodes; a basic block node in this set has several successor nodes.
Here Succ(bb_i) denotes the set of all successor nodes of node bb_i in the control flow graph, Pred(bb_i) the set of all its predecessor nodes, and card(·) the number of elements of a set.
Step 2, repartition the basic blocks of the target program according to the classification information obtained in step 1. The repartitioning consists of three sub-steps:
Step 2.1: if bb_i ∈ SISO, bb_j ∈ SISO and bb_j ∈ Succ(bb_i), then bb_i' = bb_i ∪ bb_j, where bb_i' is the merged basic block;
Step 2.2: if bb_i ∈ MISO ∪ MO, bb_j ∈ MISO ∪ MO and bb_j ∈ Succ(bb_i), then an empty basic block bb_ij is inserted on the jump path <bb_i, bb_j>, so that on that path card(Succ(bb_i)) = 1, card(Pred(bb_j)) = 1 and Succ(bb_i) = Pred(bb_j) = bb_ij;
Step 2.3: if the entry basic block bb_in ∈ SISO, a predecessor basic block bb_in' is generated for it, and if the exit basic block bb_out ∈ SISO, a successor basic block bb_out' is generated for it, such that bb_in' ∈ MISO ∪ MO and bb_out' ∈ MISO ∪ MO, where bb_in' is the entry basic block and bb_out' is the exit basic block.
Step 3, for the target program repartitioned in step 2, generate the static label value of each basic block and the initial values of the node type label and the predecessor-successor label.
The label generation rule is as follows:
For any bb_i ∈ BB', if bb_i ∈ MISO ∪ MO then SIG_GEN(bb_i) = S_i, and for any bb_j ∈ BB' with j ≠ i, SIG_GEN(bb_j) = S_j ≠ S_i; NTS_initial = NTS_GEN(bb_in') = 0; SPS_initial = SPS_GEN(bb_in') = SIG_GEN(bb_in').
Here BB' is the control flow graph after the basic block repartitioning of step 2; NTS is the run-time value of the node type label, a global variable that tracks changes of basic block node type while the program runs; SPS is the run-time value of the predecessor-successor label, a global variable that tracks changes of the predecessor-successor relation of basic blocks while the program runs; SIG_GEN denotes the static label value assigned to a basic block at compile time; NTS_GEN is the node type label generation function, which produces the initial value NTS_initial of the node type label; SPS_GEN is the predecessor-successor label generation function, which produces the initial value SPS_initial of the predecessor-successor label.
Step 4, instrument the target program obtained in step 2 with the update code of the node type label and the predecessor-successor label.
The label update rule is as follows:
if bb_i ∈ MISO ∪ MO, then NTS_UPDATE(NTS) = 1;
if bb_i ∈ SISO, then NTS_UPDATE(NTS) = 0;
if bb_i ∈ SISO, then SPS_UPDATE(SPS) = SIG_GEN(Succ(bb_i)).
NTS_UPDATE is the node type label update function, which updates the node type label at run time; SPS_UPDATE is the predecessor-successor label update function, which updates the predecessor-successor label at run time. After step 2 every SISO block has exactly one successor, so SIG_GEN(Succ(bb_i)) is a single value.
Step 5, instrument the target program obtained in step 4 with the check code of the node type label and the predecessor-successor label.
The label check rule is as follows:
if bb_i ∈ SISO, NTS_CHECK(NTS) = 1, i.e. it is checked whether NTS equals 1: if it does, no control flow error has occurred; if it does not, a control flow error has occurred. If bb_i ∈ MISO ∪ MO, NTS_CHECK(NTS) = 0, i.e. it is checked whether NTS equals 0: if it does, no control flow error has occurred; if it does not, a control flow error has occurred;
if bb_i ∈ SISO, SPS_CHECK(SPS) = SIG_GEN(Pred(bb_i)); the SPS_CHECK function is used in the same way as NTS_CHECK.
NTS_CHECK is the node type label check function, which checks the node type label at run time; SPS_CHECK is the predecessor-successor label check function, which checks the predecessor-successor label at run time.
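The following is an added worked example, not code from the patent, that runs steps 1 to 5 on a small constructed control flow graph in Python: it classifies the blocks, repartitions them, assigns signatures, and then executes legal and faulty block sequences against the NTS/SPS update and check rules. The graph, the block names, the signature values and the check-before-update order within a block are assumptions.

```python
"""Dual-label (NTS/SPS) control flow checking, steps 1 to 5 of the method.

Added example, not the patent's code. The CFG, block names, signature values
and the check-before-update order inside a block are assumptions.
"""
from collections import defaultdict

# Constructed CFG: entry A, exit H. C is a branch (MO), F a join (MISO);
# A->B and G->H are SISO chains; C->F is a direct MO->MISO edge.
CFG = {"A": ["B"], "B": ["C"], "C": ["D", "E", "F"], "D": ["F"],
       "E": ["F"], "F": ["G"], "G": ["H"], "H": []}


def preds(cfg):
    """Pred(bb) for every block, derived from the successor lists."""
    p = defaultdict(list)
    for u, vs in cfg.items():
        for v in vs:
            p[v].append(u)
    return p


def classify(cfg):
    """Step 1. MO: >= 2 successors; MISO: >= 2 predecessors and one successor;
    otherwise SISO (entry/exit blocks lacking one side are treated as SISO,
    which is the premise of step 2.3)."""
    p = preds(cfg)
    return {bb: "MO" if len(cfg[bb]) >= 2 else "MISO" if len(p[bb]) >= 2 else "SISO"
            for bb in cfg}


def repartition(cfg, entry, exit_):
    """Step 2: merge SISO chains (2.1), put an empty SISO block on every
    non-SISO -> non-SISO edge (2.2), add non-SISO entry/exit blocks (2.3).
    Returns (cfg', classes, entry', exit')."""
    cfg = {k: list(v) for k, v in cfg.items()}
    cls = classify(cfg)
    merged = True
    while merged:                                     # 2.1
        merged = False
        for u in list(cfg):
            if (cls[u] == "SISO" and len(cfg[u]) == 1
                    and cfg[u][0] != u and cls[cfg[u][0]] == "SISO"):
                v = cfg[u][0]
                m = u + v                             # bb_i' = bb_i U bb_j
                cfg[m] = cfg.pop(v)
                del cfg[u]
                for w in cfg:
                    cfg[w] = [m if x in (u, v) else x for x in cfg[w]]
                cls[m] = "SISO"
                entry = m if entry in (u, v) else entry
                exit_ = m if exit_ in (u, v) else exit_
                merged = True
                break
    for u in list(cfg):                               # 2.2
        for i, v in enumerate(cfg[u]):
            if cls[u] != "SISO" and cls[v] != "SISO":
                e = f"{u}_{v}"                        # empty bb_ij on <bb_i, bb_j>
                cfg[e], cls[e], cfg[u][i] = [v], "SISO", e
    # 2.3: only SISO vs. non-SISO matters for the labels, so the generated
    # entry/exit blocks are simply given a non-SISO class.
    if cls[entry] == "SISO":
        cfg["ENTRY"], cls["ENTRY"], entry = [entry], "MO", "ENTRY"
    if cls[exit_] == "SISO":
        cfg[exit_].append("EXIT")
        cfg["EXIT"], cls["EXIT"], exit_ = [], "MISO", "EXIT"
    return cfg, cls, entry, exit_


def sig_gen(cfg):
    """Step 3: SIG_GEN, a distinct static signature per block."""
    return {bb: i + 1 for i, bb in enumerate(sorted(cfg))}


def run(cfg, cls, sig, entry, path):
    """Steps 4 and 5 executed along `path` (a block sequence starting at entry).
    Returns (True, None) for a clean run, else (False, reason of the first
    failed check). Checks run before updates in each block (assumption)."""
    p = preds(cfg)
    nts, sps = 0, sig[entry]                          # NTS_initial, SPS_initial
    for bb in path:
        if cls[bb] == "SISO":
            if nts != 1:                              # NTS_CHECK: must come from MISO/MO
                return False, f"NTS check failed in {bb}"
            if sps != sig[p[bb][0]]:                  # SPS_CHECK = SIG_GEN(Pred(bb))
                return False, f"SPS check failed in {bb}"
            nts, sps = 0, sig[cfg[bb][0]]             # NTS_UPDATE, SPS_UPDATE = SIG_GEN(Succ(bb))
        else:
            if nts != 0:                              # NTS_CHECK: must come from SISO
                return False, f"NTS check failed in {bb}"
            nts = 1                                   # NTS_UPDATE
    return True, None


if __name__ == "__main__":
    cfg2, cls2, entry, exit_ = repartition(CFG, "A", "H")
    sig = sig_gen(cfg2)
    print(run(cfg2, cls2, sig, entry, ["ENTRY", "AB", "C", "D", "F", "GH", "EXIT"]))
    print(run(cfg2, cls2, sig, entry, ["ENTRY", "AB", "C", "GH"]))   # F skipped
    print(run(cfg2, cls2, sig, entry, ["ENTRY", "AB", "C", "F"]))    # C_F bypassed
```

After repartitioning, the graph alternates strictly between SISO and MISO ∪ MO blocks, which is what lets the NTS check catch any jump between two blocks of the same class (including the original C->F edge, now routed through the empty block C_F), while the SPS check catches a jump from a MISO ∪ MO block to a SISO block that is not its successor (C straight to GH, skipping F).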
Step 6, instrument the target program obtained in step 5 with intra-basic-block control flow error detection code.
The intra-basic-block control flow error detection code instrumentation rule is as follows:
two label update instructions, NTS = NTS + random_intra and NTS = NTS − random_intra, are inserted into a basic block; they must appear as a pair within the same basic block, and the value random_intra is generated randomly when the detection code is inserted at compile time. An illegal jump into or out of the block between the two instructions leaves NTS offset by random_intra, which the next NTS check detects.
Step 7, instrument the target program obtained in step 6 with inter-procedural control flow error detection code.
The inter-procedural control flow error detection code instrumentation rule is as follows:
if call_bb ∈ SISO, then
SPS_CALL_BEFORE(SPS) = SPS + SIG_GEN(entry_fun_bb) − SIG_GEN(Succ(call_bb));
if call_bb ∈ MISO ∪ MO, then
SPS_CALL_BEFORE(SPS) = SPS + (SIG_GEN(entry_fun_bb) − SIG_GEN(call_bb));
if call_bb ∈ SISO, then
SPS_CALL_AFTER(SPS) = SPS + SIG_GEN(Succ(call_bb)) − SIG_GEN(ret_fun_bb);
if call_bb ∈ MISO ∪ MO, then
SPS_CALL_AFTER(SPS) = SPS + (SIG_GEN(call_bb) − SIG_GEN(ret_fun_bb)).
Here call_bb is the basic block containing the function call instruction, entry_fun_bb is the entry basic block of the called function, ret_fun_bb is the exit basic block of the called function, SPS_CALL_BEFORE is the predecessor-successor label update executed before the call, and SPS_CALL_AFTER is the predecessor-successor label update executed after the function returns. Before the call, SPS holds SIG_GEN(Succ(call_bb)) if call_bb ∈ SISO (set by SPS_UPDATE in call_bb) or SIG_GEN(call_bb) if call_bb ∈ MISO ∪ MO (set by the preceding SISO block), so SPS_CALL_BEFORE leaves SPS equal to SIG_GEN(entry_fun_bb), which the callee's first SISO block checks; SPS_CALL_AFTER reverses the substitution once the callee's exit block has left SPS equal to SIG_GEN(ret_fun_bb).
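As an added example, not the patent's code, the following Python writes out what the step 6 and step 7 instrumentation looks like inside a caller f and a callee g, using the SISO form of SPS_CALL_BEFORE and SPS_CALL_AFTER, and injects three faults: the call redirected to another function h, the call instruction skipped, and a jump out of a basic block between the two random_intra updates. The function and block names, the signature values, random_intra, and the save and restore of NTS around the call are assumptions; the page gives no NTS rule for calls, and without some such rule the callee's exit block, which is in MISO ∪ MO, would leave NTS = 1 while Succ(call_bb) expects 0.

```python
"""Intra-block (step 6) and inter-procedural (step 7) label code, written out
as it appears in an instrumented caller f and callee g.

Added example, not the patent's code. Names, signature values, random_intra
and the NTS save/restore around the call are assumptions.
"""
from dataclasses import dataclass

# SIG_GEN values for the blocks that are referenced, assumed:
SIG = {"f_entry": 10, "f_join": 11, "f_exit": 12,
       "g_entry": 20, "g_exit": 21, "h_entry": 30, "h_exit": 31}
RANDOM_INTRA = 0x5A                # random_intra, fixed when the code is instrumented


class ControlFlowError(Exception):
    pass


@dataclass
class Labels:
    nts: int = 0                   # NTS_initial
    sps: int = SIG["f_entry"]      # SPS_initial = SIG_GEN(entry block of f)


def enter_nonsiso(lb, name):
    """Start of a MISO/MO block: NTS_CHECK(NTS) = 0, then NTS_UPDATE(NTS) = 1."""
    if lb.nts != 0:
        raise ControlFlowError(f"NTS check failed in {name}")
    lb.nts = 1


def enter_siso(lb, name, pred, succ):
    """Start of a SISO block: NTS_CHECK(NTS) = 1, SPS_CHECK(SPS) = SIG_GEN(pred),
    then NTS_UPDATE(NTS) = 0 and SPS_UPDATE(SPS) = SIG_GEN(succ)."""
    if lb.nts != 1:
        raise ControlFlowError(f"NTS check failed in {name}")
    if lb.sps != SIG[pred]:
        raise ControlFlowError(f"SPS check failed in {name}")
    lb.nts, lb.sps = 0, SIG[succ]


def callee(lb, name, fault):
    """Instrumented callee: <name>_entry (non-SISO) -> <name>_body (SISO) -> <name>_exit."""
    enter_nonsiso(lb, f"{name}_entry")
    enter_siso(lb, f"{name}_body", pred=f"{name}_entry", succ=f"{name}_exit")
    lb.nts += RANDOM_INTRA         # step 6: NTS = NTS + random_intra
    # ... the block's own instructions ...
    if fault != "jump_out_of_body":
        lb.nts -= RANDOM_INTRA     # step 6: NTS = NTS - random_intra; skipped when an
                                   # illegal jump leaves the block between the pair
    enter_nonsiso(lb, f"{name}_exit")


def caller(fault=None):
    """f: f_entry (non-SISO) -> f_call (SISO, calls g) -> f_join (non-SISO) -> f_tail (SISO).
    Returns None for a clean run, otherwise the message of the first failed check."""
    lb = Labels()
    try:
        enter_nonsiso(lb, "f_entry")
        enter_siso(lb, "f_call", pred="f_entry", succ="f_join")
        # step 7, call_bb in SISO:
        # SPS_CALL_BEFORE(SPS) = SPS + SIG_GEN(entry_fun_bb) - SIG_GEN(Succ(call_bb))
        lb.sps = lb.sps + SIG["g_entry"] - SIG["f_join"]
        saved_nts = lb.nts         # assumption: NTS is saved across the call
        if fault == "call_wrong_function":
            callee(lb, "h", fault) # fault: the call lands in h instead of g
        elif fault != "skip_call":
            callee(lb, "g", fault) # normal call; "skip_call" models a skipped call instruction
        lb.nts = saved_nts         # assumption: NTS restored after the return
        # step 7, call_bb in SISO:
        # SPS_CALL_AFTER(SPS) = SPS + SIG_GEN(Succ(call_bb)) - SIG_GEN(ret_fun_bb)
        lb.sps = lb.sps + SIG["f_join"] - SIG["g_exit"]
        enter_nonsiso(lb, "f_join")
        enter_siso(lb, "f_tail", pred="f_join", succ="f_exit")
    except ControlFlowError as e:
        return str(e)
    return None


if __name__ == "__main__":
    for f in (None, "call_wrong_function", "skip_call", "jump_out_of_body"):
        print(f, "->", caller(f))
```

A redirected call is caught by the first SISO block of the wrong callee, whose SPS_CHECK expects SIG_GEN(h_entry) but finds SIG_GEN(g_entry); a skipped call is only caught at f_tail, the first SISO block after the call site, which illustrates the detection latency discussed in the background; the broken random_intra pair is caught by the NTS_CHECK of the callee's exit block. For a call_bb in MISO ∪ MO both compensations replace SIG_GEN(Succ(call_bb)) with SIG_GEN(call_bb), as the rule above states.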
Step 8, carry out fault injection experiments on the instrumented target program obtained in step 7 and evaluate its ability to detect control flow errors caused by transient faults.
The invention repartitions the basic blocks, divides the basic block nodes of the control flow graph into two classes, designs a dual-label error detection mechanism and proposes a control flow error detection method based on it. It detects most inter-basic-block control flow transfer errors with few inserted instructions and, combined with the designed label mechanism, also provides a solution for detecting intra-basic-block and inter-procedural control flow errors. The method has a high detection rate for control flow errors with low performance overhead, and can be applied to detecting control flow errors caused by transient faults in harsh environments.
Examples
To verify the effectiveness of the scheme, four benchmark programs, matrix multiplication (MM), fast Fourier transform (FFT), quicksort (Qsort) and the shortest path algorithm (Dijkstra), were used as target programs and instrumented with the method of steps 1 to 8 above; the following simulation experiments were then carried out.
Fig. 2 compares the performance overhead of the control flow error detection methods. CFCSS is a classical control flow error detection method, and CFCBS is a lightweight control flow error detection method based on branch sequence labels. CEDBR is the control flow error detection mechanism based on basic block repartitioning proposed here. CEDBR-1 implements only inter-basic-block error detection, CEDBR-2 implements inter-basic-block and intra-basic-block error detection, and CEDBR-3 implements intra-basic-block, inter-basic-block and inter-procedural error detection. Fig. 3 compares program failure rates. Figs. 2 and 3 show that the method of the invention achieves a higher control flow error detection rate with lower time overhead.

Claims (8)

1. A control flow error detection method based on basic block repartitioning, characterized by comprising the following steps:
step 1, analyzing the control flow graph of the target program and classifying the basic blocks in the program;
step 2, repartitioning the basic blocks of the target program according to the classification information obtained in step 1;
step 3, generating, for the target program repartitioned in step 2, the static label value of each basic block and the initial values of the node type label and the predecessor-successor label;
step 4, instrumenting the target program obtained in step 2 with the update code of the node type label and the predecessor-successor label;
step 5, instrumenting the target program obtained in step 4 with the check code of the node type label and the predecessor-successor label;
step 6, instrumenting the target program obtained in step 5 with intra-basic-block control flow error detection code;
step 7, instrumenting the target program obtained in step 6 with inter-procedural control flow error detection code;
step 8, carrying out fault injection experiments on the instrumented target program obtained in step 7 and evaluating its ability to detect control flow errors caused by transient faults.
2. The control flow error detection method based on basic block repartitioning of claim 1, characterized in that the basic block classification rule in step 1 is as follows:
for any bb_i, if card(Pred(bb_i)) = 1 and card(Succ(bb_i)) = 1, then bb_i ∈ SISO; SISO is the set of single-entry single-exit nodes, and a basic block node in this set has exactly one predecessor node and one successor node; for any bb_i, if card(Pred(bb_i)) > 1 and card(Succ(bb_i)) = 1, then bb_i ∈ MISO; MISO is the set of multiple-entry single-exit nodes, and a basic block node in this set has several predecessor nodes and one successor node; for any bb_i, if card(Pred(bb_i)) ≥ 1 and card(Succ(bb_i)) ≥ 2, then bb_i ∈ MO; MO is the set of multiple-exit nodes, and a basic block node in this set has several successor nodes;
where Succ(bb_i) denotes the set of all successor nodes of node bb_i in the control flow graph, Pred(bb_i) the set of all its predecessor nodes, and card(·) the number of elements of a set.
3. The control flow error detection method based on basic block repartitioning of claim 1, characterized in that the basic block repartitioning of step 2 comprises three sub-steps:
step 2.1: if bb_i ∈ SISO, bb_j ∈ SISO and bb_j ∈ Succ(bb_i), then bb_i' = bb_i ∪ bb_j, where bb_i' is the merged basic block;
step 2.2: if bb_i ∈ MISO ∪ MO, bb_j ∈ MISO ∪ MO and bb_j ∈ Succ(bb_i), then an empty basic block bb_ij is inserted on the jump path <bb_i, bb_j>, so that on that path card(Succ(bb_i)) = 1, card(Pred(bb_j)) = 1 and Succ(bb_i) = Pred(bb_j) = bb_ij;
step 2.3: if bb_in ∈ SISO, a predecessor basic block bb_in' is generated for it, and if bb_out ∈ SISO, a successor basic block bb_out' is generated for it, such that bb_in' ∈ MISO ∪ MO and bb_out' ∈ MISO ∪ MO, where bb_in' is the entry basic block and bb_out' is the exit basic block.
4. The control flow error detection method based on basic block repartitioning of claim 1, characterized in that the label generation rule of step 3 is as follows:
for any bb_i ∈ BB', if bb_i ∈ MISO ∪ MO then SIG_GEN(bb_i) = S_i, and for any bb_j ∈ BB' with j ≠ i, SIG_GEN(bb_j) = S_j ≠ S_i; NTS_initial = NTS_GEN(bb_in') = 0; SPS_initial = SPS_GEN(bb_in') = SIG_GEN(bb_in');
where BB' is the control flow graph after the basic block repartitioning of step 2; NTS is the run-time value of the node type label, a global variable that tracks changes of basic block node type while the program runs; SPS is the run-time value of the predecessor-successor label, a global variable that tracks changes of the predecessor-successor relation of basic blocks while the program runs; SIG_GEN denotes the static label value assigned to a basic block at compile time; NTS_GEN is the node type label generation function, which produces the initial value NTS_initial of the node type label; SPS_GEN is the predecessor-successor label generation function, which produces the initial value SPS_initial of the predecessor-successor label.
5. The control flow error detection method based on basic block repartitioning of claim 1, characterized in that the label update rule of step 4 is as follows:
if bb_i ∈ MISO ∪ MO, then NTS_UPDATE(NTS) = 1;
if bb_i ∈ SISO, then NTS_UPDATE(NTS) = 0;
if bb_i ∈ SISO, then SPS_UPDATE(SPS) = SIG_GEN(Succ(bb_i));
NTS_UPDATE is the node type label update function, which updates the node type label at run time; SPS_UPDATE is the predecessor-successor label update function, which updates the predecessor-successor label at run time.
6. The method according to claim 1, characterized in that the label check rule in step 5 is as follows:
if bb_i ∈ SISO, NTS_CHECK(NTS) = 1, i.e. it is checked whether NTS equals 1: if it does, no control flow error has occurred, and if it does not, a control flow error has occurred; if bb_i ∈ MISO ∪ MO, NTS_CHECK(NTS) = 0, i.e. it is checked whether NTS equals 0: if it does, no control flow error has occurred, and if it does not, a control flow error has occurred;
if bb_i ∈ SISO, SPS_CHECK(SPS) = SIG_GEN(Pred(bb_i)); the SPS_CHECK function is used in the same way as NTS_CHECK;
NTS_CHECK is the node type label check function, which checks the node type label at run time; SPS_CHECK is the predecessor-successor label check function, which checks the predecessor-successor label at run time.
7. The method according to claim 1, characterized in that the intra-basic-block control flow error detection code instrumentation rule of step 6 is as follows:
two label update instructions, NTS = NTS + random_intra and NTS = NTS − random_intra, are inserted into a basic block; they must appear as a pair within the same basic block, and the value random_intra is generated randomly when the detection code is inserted at compile time.
8. The method of claim 1, characterized in that the inter-procedural control flow error detection code instrumentation rule in step 7 is as follows:
if call_bb ∈ SISO, then
SPS_CALL_BEFORE(SPS) = SPS + SIG_GEN(entry_fun_bb) − SIG_GEN(Succ(call_bb));
if call_bb ∈ MISO ∪ MO, then
SPS_CALL_BEFORE(SPS) = SPS + (SIG_GEN(entry_fun_bb) − SIG_GEN(call_bb));
if call_bb ∈ SISO, then
SPS_CALL_AFTER(SPS) = SPS + SIG_GEN(Succ(call_bb)) − SIG_GEN(ret_fun_bb);
if call_bb ∈ MISO ∪ MO, then
SPS_CALL_AFTER(SPS) = SPS + (SIG_GEN(call_bb) − SIG_GEN(ret_fun_bb));
where call_bb is the basic block containing the function call instruction, entry_fun_bb is the entry basic block of the called function, ret_fun_bb is the exit basic block of the called function, SPS_CALL_BEFORE is the predecessor-successor label update executed before the function call, and SPS_CALL_AFTER is the predecessor-successor label update executed after the function returns.
Application CN201910959641.2A, filed 2019-10-10 (priority date 2019-10-10): Control flow error detection method based on basic block repartitioning. Published as CN110806972A on 2020-02-18. Legal status: pending. Family ID 69488106. Country status: CN.
Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101763291A * 2009-12-30 2010-06-30 National University of Defense Technology (中国人民解放军国防科学技术大学) Method for detecting error of program control flow
WO2011148319A1 * 2010-05-28 2011-12-01 International Business Machines Corporation Computer-implemented method, computer program product and system for analyzing a control-flow in a business process model
CN103345445A * 2013-07-02 2013-10-09 Huazhong University of Science and Technology (华中科技大学) Security chip design method based on control flow detection and resistant to error injection attack
CN107038084A * 2016-02-03 2017-08-11 Beijing University of Posts and Telecommunications (北京邮电大学) Program detecting method and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张倩雯 (Zhang Qianwen): "Research on software error detection techniques for embedded systems in harsh environments", China Master's Theses Full-text Database, Information Science and Technology series *

Legal Events

Date Code Title Description
PB01 Publication (application publication date: 20200218)
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication